package cn.hyh.core.component;

import org.springframework.boot.web.servlet.ServletComponentScan;
import org.springframework.http.HttpMethod;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * @auther :hyh
 * @desc :    前后端分离存在 跨域的问题  全局跨域拦截器
 * @date :2019/7/21
 */
//@Component
//@ServletComponentScan   // 注解方式配置过滤器
//@WebFilter(urlPatterns = "/*",filterName = "crosFilter")
public class CrosFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse)servletResponse;
        System.out.println("执行拦截器解决跨域问题。。");
//        response.setHeader("Access-Control-Allow-Origin", "http://localhost:8081");
////        response.setHeader("Access-Control-Allow-Origin", "http://www.runtimeexception.cn");
//        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
//        response.setHeader("Access-Control-Max-Age", "3600");
//        response.setHeader("Access-Control-Allow-Headers","Origin, X-Requested-With, Content-Type, Accept");
        /**
         * 跨域请求是默认不携带认证信息的，如果想用session 来管理会话，那么
         * 就要前端设置 withCredentials = true，后端 Access-Control-Allow-Credentials=true
         * 或者  在头部使用token  来替代 cookie 从而实现认证。
         */
//        response.setHeader("Access-Control-Allow-Credentials", "true");


     //允许多个跨域。
        String[] allowDomain = {"http://localhost:8080","http://localhost:8081","http://www.runtimeexception.cn","http://117.50.188.10","http://49.235.21.244"};
        Set<String> allowedOrigins = new HashSet<String>(Arrays.asList(allowDomain));
        String originHeader = request.getHeader("Origin");
        if (allowedOrigins.contains(originHeader)) {
            response.setHeader("Access-Control-Allow-Origin", originHeader);
            response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Cookie");
            response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH");
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Max-Age", "3600");
        }

        if (RequestMethod.OPTIONS.name().equalsIgnoreCase(request.getMethod())) {
            response.setStatus(200);
            return ;
        }

        //放行
       filterChain.doFilter(servletRequest,servletResponse);

    }

    @Override
    public void destroy() {

    }
}
